Intelligent CISO Issue 11 | Page 50

FEATURE

combinations, making brute-force attacks on long passwords far harder for hackers to crack. But increasingly the complexity of a password also makes it much harder for people to remember, which is why password123456 is still the most popular password today.

Rather than advising users to create random strings of alphanumeric passwords, we should be recommending the use of passphrases. These will still be lengthy, but made up of real words, so easier to remember. It might seem simple, but the truth is, if a password takes too long to crack, hackers will simply move onto the next batch.

Static passwords simply cannot provide effective corporate protection. In 2016, the Bitglass security team leaked a fake profile onto the Dark Web to show just how quickly phished credentials can spread. Within a month, the fake employee's credentials had been viewed over 1,400 times and there were multiple successful login attempts into the phished account.

The number of large-scale data breaches and the fact that users regularly re-use passwords is a real issue for businesses today. Therefore, enterprises must follow best practices in authenticating users, starting with a proactive approach to identifying suspicious logins. Dynamic identity management solutions that can detect potential intrusions, require multi-factor authentication and integrate with existing systems for managing user access can be much more effective than basic password protection. For example, if a system records an employee logging into a cloud application from a host of different countries, it can alert IT security teams of suspicious behaviour and they can lock that account, preventing a possible breach.
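As an added illustration of the kind of check described above (example code written for this page, not part of the article or of any vendor's product), a minimal detector run over constructed sample login records that flags any user whose successful logins came from more than a set number of distinct countries inside a sliding 24-hour window:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the article): timestamp, user, source country, outcome.
SAMPLE_LOGS = """\
2019-03-04T08:02:11Z alice GB success
2019-03-04T09:15:40Z bob US success
2019-03-04T11:47:03Z alice BR success
2019-03-04T13:20:55Z alice RU success
2019-03-04T13:21:09Z alice VN success
2019-03-05T07:58:30Z bob US success
2019-03-05T10:05:12Z bob DE success
"""


def parse_logs(text):
    """Parse one 'timestamp user country outcome' record per line into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, country, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, country, outcome))
    return events


def flag_multi_country_logins(events, window=timedelta(hours=24), max_countries=2):
    """Return {user: sorted list of countries} for every user whose successful
    logins within some window of `window` length span more than `max_countries`
    distinct countries. Failed attempts are ignored: only where a login actually
    succeeded does the geographic spread indicate a possibly shared credential."""
    by_user = defaultdict(list)
    for ts, user, country, outcome in sorted(events):   # chronological order
        if outcome == "success":
            by_user[user].append((ts, country))
    alerts = {}
    for user, logins in by_user.items():
        for i, (start, _) in enumerate(logins):
            # Countries seen from this login until the window closes.
            seen = {c for ts, c in logins[i:] if ts - start <= window}
            if len(seen) > max_countries:
                alerts[user] = sorted(seen)
                break   # one alert per user is enough to trigger a lock/review
    return alerts


if __name__ == "__main__":
    for user, countries in flag_multi_country_logins(parse_logs(SAMPLE_LOGS)).items():
        print(f"ALERT: {user} logged in from {', '.join(countries)} within 24h")
```

With the sample data only alice is flagged at the default threshold; lowering `max_countries` to 1 also flags bob's US-then-DE logins, showing how the threshold trades alert volume against sensitivity.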
TIM BANDOS, SENIOR CYBERSECURITY DIRECTOR AT DIGITAL GUARDIAN

Companies have a responsibility to keep data secure and a big part of that responsibility is stamping out employees' bad password habits. This starts with educating staff about what makes a really good password and giving them advice about how to keep their accounts secure, by using unique passwords across all accounts and regularly changing them. This includes encouraging employees to use completely different passwords for their personal and professional accounts.

To strengthen security, CISOs can instil policies for password creation among their users, as well as enabling two-factor authentication for an additional layer of security. These policies may include a minimum of 10-15 characters and a requirement of a mixture of numbers and special characters. Leveraging tools like password managers (Dashlane, LastPass) can also aid in developing extremely complex credentials that don't require the end user to remember every single one. These tools can auto-populate password field boxes with your passwords in a secure manner.

Ultimately, however, with the number of login dumps in recent years, password security will never be 100% secure. It's inevitable that hackers will at some point breach a company's network, so the focus must shift to preventing hackers from exfiltrating sensitive data. Deploying data-centric security technology can remove the risk factor associated with these threats because even if someone has access to the data, they are prevented from copying, moving or deleting it without approval.

Issue 11 | www.intelligentciso.com